Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: kristin.
kristin. Author
User level: Level 2
264 points

SSH user, via Open Directory, can't SUDO...

On three of my Xserves I have SSH access restricted to a handful of users and these users are Open Directory-based users. Aside from the fact that these users don't have a home directory on the servers they connect to (as they're not local users to those machines), I'm having an issue where, when they try and run a command via SUDO, they get an error stating they are not in the sudoers file and thus can't complete the command.


I'm wondering if anyone has a solution for this? Should I not be using OD-based users for SSH?


Thanks,

Kristin.

Posted on Mar 22, 2012 11:17 AM

Reply
1 reply
User profile for user: Esther Mofet
Esther Mofet
User level: Level 1
134 points

Mar 22, 2012 3:33 PM in response to kristin.

Sure, you can use OD-based users and sudo.


Maybe add your users to the domain's Administrators group, which, by default, would grant sudo on the member machines. Careful, though, as that's the _domain_ administration group. If you need to restrict access so they can't make domain admin level changes but so they can do just about anything on your member servers and workstations, you could just create a new sudo group, maybe called "sudo-admins" then append an appropriate line to the sudoers files on all of your machines... maybe a line that reads:


%sudo-admins ALL=(ALL) ALL


(standard warning about using caution while editing sudoers goes here -- be careful)

Reply

SSH user, via Open Directory, can't SUDO...

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up